package org.springframework.security.config.http;

import io.micrometer.observation.ObservationRegistry;
import jakarta.servlet.http.HttpServletRequest;
import java.util.Map;
import org.springframework.beans.BeanMetadataElement;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.parsing.BeanComponentDefinition;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.ManagedMap;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.beans.factory.xml.XmlReaderContext;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.authorization.ObservationAuthorizationManager;
import org.springframework.security.config.Elements;
import org.springframework.security.config.http.GrantedAuthorityDefaultsParserUtils;
import org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler;
import org.springframework.security.web.access.expression.WebExpressionAuthorizationManager;
import org.springframework.security.web.access.intercept.AuthorizationFilter;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
import org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.1.0.jar:org/springframework/security/config/http/AuthorizationFilterParser.class */
public class AuthorizationFilterParser implements BeanDefinitionParser {
    private static final String ATT_USE_EXPRESSIONS = "use-expressions";
    private static final String ATT_ACCESS_DECISION_MANAGER_REF = "access-decision-manager-ref";
    private static final String ATT_OBSERVATION_REGISTRY_REF = "observation-registry-ref";
    private static final String ATT_HTTP_METHOD = "method";
    private static final String ATT_PATTERN = "pattern";
    private static final String ATT_ACCESS = "access";
    private static final String ATT_SERVLET_PATH = "servlet-path";
    private static final String ATT_FILTER_ALL_DISPATCHER_TYPES = "filter-all-dispatcher-types";
    private String authorizationManagerRef;
    private final BeanMetadataElement securityContextHolderStrategy;

    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.1.0.jar:org/springframework/security/config/http/AuthorizationFilterParser$DefaultWebSecurityExpressionHandlerBeanFactory.class */
    static class DefaultWebSecurityExpressionHandlerBeanFactory extends GrantedAuthorityDefaultsParserUtils.AbstractGrantedAuthorityDefaultsBeanFactory {
        private DefaultHttpSecurityExpressionHandler handler = new DefaultHttpSecurityExpressionHandler();

        DefaultWebSecurityExpressionHandlerBeanFactory() {
        }

        @Override // org.springframework.security.config.http.GrantedAuthorityDefaultsParserUtils.AbstractGrantedAuthorityDefaultsBeanFactory
        public DefaultHttpSecurityExpressionHandler getBean() {
            if (this.rolePrefix != null) {
                this.handler.setDefaultRolePrefix(this.rolePrefix);
            }
            return this.handler;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.1.0.jar:org/springframework/security/config/http/AuthorizationFilterParser$ObservationRegistryFactory.class */
    static class ObservationRegistryFactory implements FactoryBean<ObservationRegistry> {
        ObservationRegistryFactory() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.beans.factory.FactoryBean
        public ObservationRegistry getObject() throws Exception {
            return ObservationRegistry.NOOP;
        }

        @Override // org.springframework.beans.factory.FactoryBean
        public Class<?> getObjectType() {
            return ObservationRegistry.class;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.1.0.jar:org/springframework/security/config/http/AuthorizationFilterParser$RequestMatcherDelegatingAuthorizationManagerFactory.class */
    public static final class RequestMatcherDelegatingAuthorizationManagerFactory implements FactoryBean<AuthorizationManager<HttpServletRequest>> {
        private Map<RequestMatcher, AuthorizationManager<RequestAuthorizationContext>> beans;
        private ObservationRegistry observationRegistry = ObservationRegistry.NOOP;

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.beans.factory.FactoryBean
        public AuthorizationManager<HttpServletRequest> getObject() throws Exception {
            RequestMatcherDelegatingAuthorizationManager.Builder builder = RequestMatcherDelegatingAuthorizationManager.builder();
            for (Map.Entry<RequestMatcher, AuthorizationManager<RequestAuthorizationContext>> entry : this.beans.entrySet()) {
                builder.add(entry.getKey(), entry.getValue());
            }
            RequestMatcherDelegatingAuthorizationManager build = builder.build();
            return !this.observationRegistry.isNoop() ? new ObservationAuthorizationManager(this.observationRegistry, build) : build;
        }

        @Override // org.springframework.beans.factory.FactoryBean
        public Class<?> getObjectType() {
            return AuthorizationManager.class;
        }

        public void setRequestMatcherMap(Map<RequestMatcher, AuthorizationManager<RequestAuthorizationContext>> map) {
            this.beans = map;
        }

        public void setObservationRegistry(ObservationRegistry observationRegistry) {
            this.observationRegistry = observationRegistry;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthorizationFilterParser(BeanMetadataElement beanMetadataElement) {
        this.securityContextHolderStrategy = beanMetadataElement;
    }

    @Override // org.springframework.beans.factory.xml.BeanDefinitionParser
    public BeanDefinition parse(Element element, ParserContext parserContext) {
        if (!isUseExpressions(element)) {
            parserContext.getReaderContext().error("AuthorizationManager must be used with `use-expressions=\"true\"", element);
            return null;
        }
        if (StringUtils.hasText(element.getAttribute(ATT_ACCESS_DECISION_MANAGER_REF))) {
            parserContext.getReaderContext().error("AuthorizationManager cannot be used in conjunction with `access-decision-manager-ref`", element);
            return null;
        }
        this.authorizationManagerRef = createAuthorizationManager(element, parserContext);
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) AuthorizationFilter.class);
        rootBeanDefinition.getRawBeanDefinition().setSource(parserContext.extractSource(element));
        rootBeanDefinition.addConstructorArgReference(this.authorizationManagerRef);
        if ("false".equals(element.getAttribute(ATT_FILTER_ALL_DISPATCHER_TYPES))) {
            rootBeanDefinition.addPropertyValue("shouldFilterAllDispatcherTypes", Boolean.FALSE);
        }
        AbstractBeanDefinition beanDefinition = rootBeanDefinition.addPropertyValue("securityContextHolderStrategy", this.securityContextHolderStrategy).getBeanDefinition();
        String attribute = element.getAttribute("id");
        if (StringUtils.hasText(attribute)) {
            parserContext.registerComponent(new BeanComponentDefinition(beanDefinition, attribute));
            parserContext.getRegistry().registerBeanDefinition(attribute, beanDefinition);
        }
        return beanDefinition;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getAuthorizationManagerRef() {
        return this.authorizationManagerRef;
    }

    private String createAuthorizationManager(Element element, ParserContext parserContext) {
        XmlReaderContext readerContext = parserContext.getReaderContext();
        String attribute = element.getAttribute("authorization-manager-ref");
        if (StringUtils.hasText(attribute)) {
            return attribute;
        }
        Element childElementByTagName = DomUtils.getChildElementByTagName(element, Elements.EXPRESSION_HANDLER);
        String attribute2 = childElementByTagName != null ? childElementByTagName.getAttribute("ref") : null;
        if (attribute2 == null) {
            attribute2 = registerDefaultExpressionHandler(parserContext);
        }
        MatcherType fromElementOrMvc = MatcherType.fromElementOrMvc(element);
        ManagedMap managedMap = new ManagedMap();
        for (Element element2 : DomUtils.getChildElementsByTagName(element, Elements.INTERCEPT_URL)) {
            String attribute3 = element2.getAttribute(ATT_ACCESS);
            BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) WebExpressionAuthorizationManager.class);
            rootBeanDefinition.addPropertyReference("expressionHandler", attribute2);
            rootBeanDefinition.addConstructorArgValue(attribute3);
            managedMap.put(createMatcher(fromElementOrMvc, element2, parserContext), rootBeanDefinition.getBeanDefinition());
        }
        return readerContext.registerWithGeneratedName(BeanDefinitionBuilder.rootBeanDefinition((Class<?>) RequestMatcherDelegatingAuthorizationManagerFactory.class).addPropertyValue("requestMatcherMap", managedMap).addPropertyValue("observationRegistry", getObservationRegistry(element)).getBeanDefinition());
    }

    private BeanMetadataElement createMatcher(MatcherType matcherType, Element element, ParserContext parserContext) {
        String attribute = element.getAttribute("pattern");
        String attribute2 = element.getAttribute("request-matcher-ref");
        boolean hasText = StringUtils.hasText(attribute2);
        if (!hasText && !StringUtils.hasText(attribute)) {
            parserContext.getReaderContext().error("path attribute cannot be empty or null", element);
        }
        String attribute3 = element.getAttribute(ATT_HTTP_METHOD);
        if (!StringUtils.hasText(attribute3)) {
            attribute3 = null;
        }
        String attribute4 = element.getAttribute(ATT_SERVLET_PATH);
        if (!StringUtils.hasText(attribute4)) {
            attribute4 = null;
        } else if (!MatcherType.mvc.equals(matcherType)) {
            parserContext.getReaderContext().error("servlet-path is not applicable for request-matcher: '" + matcherType.name() + "'", element);
        }
        return hasText ? new RuntimeBeanReference(attribute2) : matcherType.createMatcher(parserContext, attribute, attribute3, attribute4);
    }

    String registerDefaultExpressionHandler(ParserContext parserContext) {
        RootBeanDefinition registerWithDefaultRolePrefix = GrantedAuthorityDefaultsParserUtils.registerWithDefaultRolePrefix(parserContext, DefaultWebSecurityExpressionHandlerBeanFactory.class);
        String generateBeanName = parserContext.getReaderContext().generateBeanName(registerWithDefaultRolePrefix);
        parserContext.registerBeanComponent(new BeanComponentDefinition(registerWithDefaultRolePrefix, generateBeanName));
        return generateBeanName;
    }

    boolean isUseExpressions(Element element) {
        String attribute = element.getAttribute(ATT_USE_EXPRESSIONS);
        return !StringUtils.hasText(attribute) || "true".equals(attribute);
    }

    private BeanMetadataElement getObservationRegistry(Element element) {
        String attribute = element.getAttribute(ATT_OBSERVATION_REGISTRY_REF);
        return StringUtils.hasText(attribute) ? new RuntimeBeanReference(attribute) : BeanDefinitionBuilder.rootBeanDefinition((Class<?>) ObservationRegistryFactory.class).getBeanDefinition();
    }
}
